4.3

CVE-2009-0023

EPSS 10.07%
Veröffentlicht 08.06.2009 01:00:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 59

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Apr-util Version <= 1.3.4

Apache ≫ Apr-util Version0.9.1

Apache ≫ Apr-util Version0.9.2

Apache ≫ Apr-util Version0.9.3

Apache ≫ Apr-util Version0.9.4

Apache ≫ Apr-util Version0.9.5

Apache ≫ Apr-util Version1.0

Apache ≫ Apr-util Version1.0.1

Apache ≫ Apr-util Version1.0.2

Apache ≫ Apr-util Version1.1.0

Apache ≫ Apr-util Version1.1.1

Apache ≫ Apr-util Version1.1.2

Apache ≫ Apr-util Version1.2.1

Apache ≫ Apr-util Version1.2.2

Apache ≫ Apr-util Version1.2.6

Apache ≫ Apr-util Version1.2.7

Apache ≫ Apr-util Version1.2.8

Apache ≫ Apr-util Version1.3.0

Apache ≫ Apr-util Version1.3.1

Apache ≫ Apr-util Version1.3.2

Apache ≫ Apr-util Version1.3.3

Apache ≫ HTTP Server Version >= 2.2.0 < 2.2.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.07%	0.928

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

Third Party Advisory

https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

http://marc.info/?l=bugtraq&m=129190899612998&w=2

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html

Third Party Advisory

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Third Party Advisory

Mailing List

http://support.apple.com/kb/HT3937

Third Party Advisory

http://www.vupen.com/english/advisories/2009/3184

Third Party Advisory

https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg27014463

Third Party Advisory

http://secunia.com/advisories/35395

Third Party Advisory

http://www.ubuntu.com/usn/usn-787-1

Third Party Advisory

http://secunia.com/advisories/34724

Third Party Advisory

http://secunia.com/advisories/35284

Third Party Advisory

Vendor Advisory

http://secunia.com/advisories/35360

Third Party Advisory

Vendor Advisory

http://secunia.com/advisories/35444

Third Party Advisory

http://secunia.com/advisories/35487

Third Party Advisory

http://secunia.com/advisories/35565

Third Party Advisory

http://secunia.com/advisories/35710

Third Party Advisory

http://secunia.com/advisories/35797

Third Party Advisory

http://secunia.com/advisories/35843

Third Party Advisory

http://secunia.com/advisories/37221

Third Party Advisory

http://security.gentoo.org/glsa/glsa-200907-03.xml

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.538210

Third Party Advisory

http://svn.apache.org/viewvc?view=rev&revision=779880

Third Party Advisory

http://wiki.rpath.com/Advisories:rPSA-2009-0144

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1PK88341

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1PK91241

Third Party Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg1PK99478

Third Party Advisory

http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3

Third Party Advisory

http://www.debian.org/security/2009/dsa-1812

Patch

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:131

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-1107.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-1108.html

Third Party Advisory

http://www.securityfocus.com/archive/1/507855/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/35221

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-786-1

Third Party Advisory

http://www.vupen.com/english/advisories/2009/1907

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=503928

Patch

Third Party Advisory

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/50964

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10968

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12321

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01173.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01201.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01228.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2009-0023

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0023

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0023

EUVD